Difference between revisions of "Web deployment policies"
From Jon's Wiki
(Created page with "* Website code should not be able to write to itself * Use https wherever possible * Use salted good hashes for passwords")
Latest revision as of 03:15, 25 March 2016
- Server code should not be able to write to itself
  - one user for the webserver (fastcgi?) to run as, and a separate user for deployment
  - data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>)
- Config should live under /etc/, and not in the docroot/code
- Use SSL/TLS wherever possible
- Use good salted hashes for passwords
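An added example, not from the wiki, that turns the layout rules above into a check a deployer can run: it walks the docroot to confirm the webserver identity cannot write its own code, and confirms config sits under /etc and server-written data under /var/lib (outside the docroot, but writable by the webserver). The `demo()` layout, the webserver uid/gid (`getuid()+1`, `getgid()+1`) and the temp-dir stand-ins for /etc and /var/lib are constructed assumptions.

```python
import os
import stat
import tempfile

def _writable_by(st, uid, gid):
    # Could a process running as uid/gid write a path whose stat result is st?
    mode = st.st_mode
    return bool((st.st_uid == uid and mode & stat.S_IWUSR)
                or (st.st_gid == gid and mode & stat.S_IWGRP)
                or mode & stat.S_IWOTH)

def audit_site(docroot, config_dir, data_dir, web_uid, web_gid,
               etc_root="/etc", var_lib_root="/var/lib"):
    """Return the policy violations found in a deployment; an empty list means compliant."""
    docroot, cfg, dat, etc, lib = (os.path.realpath(p) for p in
                                   (docroot, config_dir, data_dir, etc_root, var_lib_root))
    # Policy: the webserver identity must not be able to modify the code it serves.
    paths = [docroot]
    for dirpath, dirnames, filenames in os.walk(docroot):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    problems = [f"webserver user can write to code: {p}" for p in paths
                if _writable_by(os.lstat(p), web_uid, web_gid)]
    # Policy: config lives under /etc and never inside the docroot.
    if os.path.commonpath([cfg, etc]) != etc or os.path.commonpath([cfg, docroot]) == docroot:
        problems.append(f"config must live under {etc_root}, outside the docroot: {cfg}")
    # Policy: server-written data lives under /var/lib; that is the one place the webserver writes.
    if os.path.commonpath([dat, lib]) != lib or os.path.commonpath([dat, docroot]) == docroot:
        problems.append(f"site data must live under {var_lib_root}, outside the docroot: {dat}")
    elif not _writable_by(os.stat(dat), web_uid, web_gid):
        problems.append(f"webserver user cannot write its own data dir: {dat}")
    return problems

def _mkdir(root, rel, mode=0o755):
    path = os.path.join(root, rel)
    os.makedirs(path)
    os.chmod(path, mode)  # explicit mode so the umask cannot skew the demo
    return path

def demo():
    """Constructed layout in a temp dir with one deliberate mistake: a world-writable uploads/."""
    root = tempfile.mkdtemp()
    web_uid, web_gid = os.getuid() + 1, os.getgid() + 1  # hypothetical separate webserver identity
    docroot = _mkdir(root, "srv/www/example")
    open(os.path.join(docroot, "index.php"), "w").close()
    os.chmod(os.path.join(docroot, "index.php"), 0o644)  # deployer-owned, read-only to the webserver
    _mkdir(root, "srv/www/example/uploads", 0o777)  # the mistake: webserver can write into its code
    cfg = _mkdir(root, "etc/sitedata/example")
    data = _mkdir(root, "var/lib/sitedata/example", 0o777)  # stand-in for chown to the webserver user
    return audit_site(docroot, cfg, data, web_uid, web_gid,
                      etc_root=os.path.join(root, "etc"), var_lib_root=os.path.join(root, "var/lib"))
```

On a real host, call `audit_site` with the actual docroot, config and data paths and the uid/gid the webserver runs as (from `pwd.getpwnam`), leaving the /etc and /var/lib defaults in place.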